On 30.10.19 13:03, G.W. Haywood via clamav-users wrote: > I don't see what's confusing about this. > > The match is just an expression. It isn't magic. You could do just > the same thing from the command line for example with 'grep' although > it might take a while and you might need to read up about expressions. > Then you'll see that the word 'unexplainable' is incorrect. > > The replies from Mr. Varnell and Mr. Jones both point you in the right > direction, and Mr. Stern simply offered a methodical way of locating > the matching pieces in what might be an unwieldy file.
Yes, but ... > # split -b 80M all.tar all > # ll > total 445768 > -rw-r--r-- 1 root root 83886080 30. Okt 07:57 allaa > -rw-r--r-- 1 root root 80998400 30. Okt 07:57 allab > -rw-r--r-- 1 root root 164884480 29. Okt 08:00 all.tar > # clamdscan -v --fdpass all* > /root/clamcheck/allaa: OK > /root/clamcheck/allab: OK > /root/clamcheck/all.tar: Java.Trojan.Agent-36975 FOUND So "the expression" matches in all.tar, but not in allaa and not in allab. Hmmm? The expression could be partly in allaa and in allab. That's why I tried a different separation. > # split -b 77M all.tar all > # ll > total 445768 > -rw-r--r-- 1 root root 80740352 30. Okt 08:15 allaa > -rw-r--r-- 1 root root 80740352 30. Okt 08:15 allab > -rw-r--r-- 1 root root 3403776 30. Okt 08:15 allac > -rw-r--r-- 1 root root 164884480 29. Okt 08:00 all.tar > # clamdscan -v --fdpass all* > /root/clamcheck/allaa: OK > /root/clamcheck/allab: OK > /root/clamcheck/allac: OK > /root/clamcheck/all.tar: Java.Trojan.Agent-36975 FOUND Here "the expression" matches in all.tar, but not in allaa, not in allab, and not in allac. Hmmm again? For me this is confusing! Regards, Steffen _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
